[GH-ISSUE #2084] FRP ssh service with fail2ban #1657

New issue

Closed

opened 2026-05-05 13:03:37 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 13:03:37 -06:00

Owner

Originally created by @troyliu0105 on GitHub (Nov 19, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/2084

VERSION: frps:0.34.2, frpc:0.34.2
OS: frps: Archlinux x64, frpc: Ubuntu x64

Description:

When I use the frpc config to expose a local ssh service to public network, config like below:

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 12345
use_compression = true
use_encryption = true

it forwards incoming connections to 127.0.0.1:22, and the auth.log show that remote IP address is 127.0.0.1.
So fail2ban could not find the correct public IP address. 🙃

Originally created by @troyliu0105 on GitHub (Nov 19, 2020). Original GitHub issue: https://github.com/fatedier/frp/issues/2084 VERSION: frps:0.34.2, frpc:0.34.2 OS: frps: Archlinux x64, frpc: Ubuntu x64 Description: When I use the frpc config to expose a local ssh service to public network, config like below: ``` [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 12345 use_compression = true use_encryption = true ``` it forwards incoming connections to 127.0.0.1:22, and the auth.log show that remote IP address is 127.0.0.1. So fail2ban could not find the correct public IP address. 🙃

gitea-mirror

2026-05-05 13:03:37 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 13:03:40 -06:00

Author

Owner

@fatedier commented on GitHub (Nov 19, 2020):

You can try proxy protocol https://github.com/fatedier/frp#proxy-protocol.

But i'm not sure if fail2ban can support this protocol.

On the other hand, if you are care about security, do not expose your ssh port to public network directly. Try stcp https://github.com/fatedier/frp#expose-your-service-privately instead.

@fatedier commented on GitHub (Nov 19, 2020): You can try `proxy protocol` https://github.com/fatedier/frp#proxy-protocol. But i'm not sure if fail2ban can support this protocol. On the other hand, if you are care about security, do not expose your ssh port to public network directly. Try `stcp` https://github.com/fatedier/frp#expose-your-service-privately instead.

gitea-mirror commented

2026-05-05 13:03:40 -06:00

Author

Owner

@github-actions[bot] commented on GitHub (Jan 4, 2021):

Issues go stale after 45d of inactivity. Stale issues rot after an additional 10d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (Jan 4, 2021): Issues go stale after 45d of inactivity. Stale issues rot after an additional 10d of inactivity and eventually close.